Commit graph

193 commits

Author SHA1 Message Date
Sheogorath
c4dba48f79
Fix possible file limit errors
As we currently may need higher nofile limits than usual/default on
various systems this commit should probide a fix for that an allow to
build HackMD without highering these limits and increase security.

Inspiration was found in a copy-webpack-plugin-issue[1] and found by
@thegcat[2]. Thanks for that!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

[1]:
https://github.com/webpack-contrib/copy-webpack-plugin/issues/59#issuecomment-228563990
[2]: https://github.com/thegcat
2018-04-16 21:08:34 +02:00
Sheogorath
f23f403bcb
Extend README
Add hint about file descriptor limits and add the new translation
platform.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-11 09:38:56 +02:00
Sheogorath
14a0f8594f
Merge branch 'feature/releaseNotes1.1.0' 2018-04-06 16:24:08 +02:00
Sheogorath
81e5ebf6d6
Add migration section to README.md
As it was requested to be more visable, this commit adds a migration
section about the introduced config style changes.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-04-06 02:20:34 +02:00
Sheogorath
30b5ff0d96
Add session data to env vars
Currently the session secret can only be set by config.json or docker
secrets. This creates a problem on Heroku hosted instances that can not
set a session secret.

Since we automatically generate them on startup this results in an
logout of all users on every config change in Heroku.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-29 19:34:32 +02:00
Sheogorath
2411dffa2c
Change config to camel case with backwards compatibility
This refactors the configs a bit to now use camel case everywhere.
This change should help to clean up the config interface and make it
better understandable.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 19:08:14 +02:00
Sheogorath
efa490a50f
Add config option for report URI in CSP
This option is needed as it's currently not possible to add an report
URI by the directives array. This option also allows to get CSP reports
not only on docker based setup but also on our heroku instances.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-14 17:57:41 +01:00
Felix Schäfer
6094c61871 Remove unused LDAP option tokenSecret
hackmdio/hackmd#754

Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-03-05 14:06:05 +01:00
Dustin Frisch
d6ee10d176
Introduce ldap.useridField
Signed-off-by: Dustin Frisch <fooker@lab.sh>
2018-03-01 23:51:47 +01:00
Zearin
b8e019c6b0 Rerun doctoc
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
2018-02-17 13:08:05 -05:00
Zearin
b0f524e55e Update README.md
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
2018-02-17 12:51:48 -05:00
Christoph (Sheogorath) Kern
dfa0851d8f
Add matrix.org badge to README.md
Matrix.org is an interesting platform for collaboration and community building. 

Thanks to various clients it supports it's maybe better than gitter to keep people on track and have a community feeling, discuss changes and more.

Not not split up into two parties not knowing of each other, the Gitter channel and the Matrix channel are bridged. This helps to keep everyone informed while add more medias.

Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
2018-02-08 15:27:07 +01:00
Sheogorath
1a4800e21a
Update Heroku button
The button needs a parameter to work, that provides the git repository
that is used for the deployment. This commit corrects the link and this
way fixes the provisioning as it's not working with the wrong/default
buildpacks.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-31 14:00:49 +01:00
Christoph (Sheogorath) Kern
80950f806b
Merge pull request #707 from Nebukadneza/add_cmdline_usermanager
Add simple user-management tool for emailsignin
2018-01-29 22:35:20 +01:00
Sheogorath
be02aed1c0
Update badges in README.md
The docker badges have to be updated since we now provide official image
like tags. So `latest-alpine` became `alpine`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-29 22:01:31 +01:00
Dario Ernst
9e0359e079 Add simple user-management tool for emailsignin …
Currently, administrators of closed instances need to manually fiddle in
their databases for user-management.
This commit adds a small commandline utility that allows to create and
delete users.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-29 19:49:04 +01:00
Christoph (Sheogorath) Kern
e18e05541c
Merge pull request #705 from SISheogorath/fix/camelcaseConfig
Remove camel case from `imageuploadtype` in config
2018-01-29 15:53:14 +01:00
Sheogorath
bd92010dd2
Remove camel case from imageuploadtype in config
This removes the only camel cased option of the config options
**we** added to the config.json.

In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.

Fixes #315

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-27 23:50:15 +01:00
Sheogorath
aca5490b3a
Add recommendation for 2GB RAM
We noticed on multiple places that machines with less than 2GB of RAM
fail their build and result in missing files and unexpected errors.

Sadly we can't really solve this right now since it's a webpack
related bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-26 18:30:01 +01:00
Sheogorath
0138911274
Extend README changes for minio 2018-01-26 10:23:51 +01:00
Sheogorath
587a6e2239
Add README and config.json.example content
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-23 11:59:07 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Dario Ernst
6ae4b8bf13 Add option to enable freely permission in closed instance
Before, closed disallowed guest edits completely, by removing
the `freely` permission. This makes it possible to explicitely bring
back guest-editing, but not guest-note-creation, to closed instances.

Signed-off-by: Dario Ernst <dario@kanojo.de>
2018-01-20 15:14:56 +01:00
Max Wu
d073a8ea19
Update README.md
To show "Community Edition" on title.
2018-01-18 13:36:12 +08:00
schneems
0b7b7244b5 [ci skip] Add CodeTriage badge
[CodeTriage](https://www.codetriage.com/) is an app I have maintained
for the past 4-5 years with the goal of getting people involved in
Open Source projects like this one. The app sends subscribers a random
open issue for them to help "triage". For some languages you can also
suggested areas to add documentation.

The initial approach was inspired by seeing the work of the small
core team spending countless hours asking "what version was
this in" and "can you give us an example app". The idea is to
outsource these small interactions to a huge team of volunteers
and let the core team focus on their work.

I want to add a badge to the README of this project. The idea is to
provide an easy link for people to get started contributing to this
project. A badge indicates the number of people currently subscribed
to help the repo. The color is based off of open issues in the project.

Here are some examples of other projects that have a badge in their
README:

- https://github.com/crystal-lang/crystal
- https://github.com/rails/rails
- https://github.com/codetriage/codetriage

Thanks for building open source software, I would love to help you find some helpers.
2018-01-03 21:08:15 -06:00
Christoph (Sheogorath) Kern
17e3b8b5cd
Merge branch 'master' into ldap-username-field 2017-12-12 10:27:22 +01:00
alecdwm
5e5a021ce0 parse HMD_LDAP_SEARCHATTRIBUTES env var as a comma-separated array
Signed-off-by: Alec WM <firstcontact@owls.io>
2017-12-09 20:33:57 +01:00
Christoph (Sheogorath) Kern
e9e7a8e23d
Update README.md 2017-12-09 19:36:18 +01:00
Lukas Kalbertodt
612b2d1811 Add setting ldap.usernameField
This determines which ldap field is used as the username on
HackMD. By default, the "id" is used as username, too. The id
is taken from the fields `uidNumber`, `uid` or
`sAMAccountName`. To give the user more flexibility, they can
now choose the field used for the username instead.
2017-12-09 12:30:48 +01:00
Norihito Nakae
2db2ff484f added guide for SAML settings 2017-12-04 20:13:15 +09:00
Norihito Nakae
410268da74 added environment variables for SAML 2017-11-29 20:26:28 +09:00
Norihito Nakae
4a4ae9d332 Initial support for SAML authentication 2017-11-28 18:52:24 +09:00
Devon Jue
8c916bb987 added auth docs and images for GitHub and Twitter 2017-11-08 21:20:50 -08:00
Peter Dave Hello
05541f1546
[README] Add icons to browser version support list 2017-10-31 22:13:36 +08:00
Sheogorath
16b3e015ab
Merge pull request #606 from DoubleMalt/feature/MattermostAuth
Add Mattermost authentication strategy
2017-10-31 12:11:41 +01:00
Christoph Witzany
5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
Sheogorath
803a2776ad
Extend docker section 2017-10-30 07:50:50 +01:00
Sheogorath
94021e2d34 Merge pull request #574 from PeterDaveHello/README.md-Table-of-Contents
Add "Table of Contents" in README.md
2017-10-27 11:51:50 +02:00
geekyd
0be09e109f Adds HMD_ALLOW_PDF_EXPORT to readme 2017-10-25 19:20:36 +05:30
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
91101c856c
Change CSP config format to be more intuitive 2017-10-22 00:03:46 +02:00
Felix Yan
b72556b915 Fix a typo in README.md 2017-10-17 23:48:33 +08:00
Peter Dave Hello
0864b06e0c Integrate npm package "doctoc" to update README.md 2017-10-13 16:21:25 +08:00
Peter Dave Hello
6fadd9126e Add "Table of Contents" in README.md 2017-10-13 15:59:57 +08:00
Peter Dave Hello
4ebda60165 Reorganize README.md structure, cc #574 2017-10-13 15:57:58 +08:00
Literallie
6bdc90d6ff
Add env vars for extra HSTS options 2017-10-13 01:42:05 +02:00
Literallie
1634d5c567
Add on/off env var for HSTS 2017-10-13 01:42:05 +02:00
Literallie
56411ca0e1
Make HSTS behaviour configurable; Fixes #584 2017-10-13 01:42:05 +02:00
Peter Dave Hello
121b089d96 Add version badge in README.md 2017-10-10 21:54:13 +08:00
Johannes Weißl
89a2389586 Correct documentation of S3 bucket
Documentation added in aaf034b on Nov 17th 2016 says the S3 bucket can
be specified with `s3.bucket`, but commit c8bcc4c (#285) on Dec 18th
2016 used `s3bucket`. Instead of fixing the code (#552) to match the
documentation this commit changes just the documentation so that
existing configurations are not broken. Also, the `s3` object is passed
as is to `AWS.S3()`, which does not know the option `bucket` (but
silently ignores it in my test).

http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property

Following the old documentation leads to this exception:

    2017-09-23T09:42:38.079Z - error:  MissingRequiredParameter: Missing required key 'Bucket' in params
        at ParamValidator.fail (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:50:37)
        at ParamValidator.validateStructure (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:61:14)
        at ParamValidator.validateMember (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:88:21)
        at ParamValidator.validate (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:34:10)
        at Request.VALIDATE_PARAMETERS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:125:42)
        at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
        at callNextListener (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:95:12)
        at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:85:9
        at finish (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:315:7)
        at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:333:9
        at Credentials.get (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/credentials.js:126:7)
        at getAsyncCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:327:24)
        at Config.getCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:347:9)
        at Request.VALIDATE_CREDENTIALS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:80:26)
        at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:101:18)
        at Request.emit (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
2017-09-23 18:28:57 +02:00
Wonder Chang
af58a71238 Add defaultpermission protected example value 2017-03-25 17:00:43 +08:00
Max Wu
16d80edc65 Fix badges and links in README.md 2017-03-14 23:30:35 +08:00
Wu Cheng-Han
506a381eca Add config option for gitlab api scope and auto adapt gitlab snippet feature on it 2017-03-14 18:04:23 +08:00
BoHong Li
8246ac3850 Add JavaScript Standard Style badge in README
add badge to let people know that code is using the standard style
2017-03-13 18:42:22 +08:00
bananaappletw
c48ba0ad48 Test up to 7.5.0 2017-02-15 22:09:09 +08:00
bananaappletw
4198d0d560 Add travis ci 2017-02-15 19:11:53 +08:00
NV
00d1543a10 simplified description 2017-02-10 11:49:45 +09:00
NV
a0d16eec23 Update README 2017-02-09 11:45:34 +09:00
Max Wu
6587e7ccc6 Merge pull request #343 from sakajunquality/feature/fix-read-me-for-gcc
Add additional comment about Prerequisite to README
2017-02-08 15:10:02 +08:00
Jun SAKATA
2ab57effbd add reference to packages, instead of writing down solutions for specific os 2017-02-08 15:30:31 +09:00
Wu Cheng-Han
bbbf64aae4 Fix HMD_LDAP_TLS_CA not passing correctly and update README.md 2017-02-07 21:17:05 +08:00
Jun SAKATA
c49a0849b2 add sudo 2017-02-06 17:48:08 +09:00
Jun SAKATA
373f32aab7 Add additional comment about Prerequisite to README 2017-02-06 17:41:46 +09:00
Yukai Huang
75e28a1d5e Merge branch 't216-refactor-common' into 'frontend-next'
T216 refactor common

See merge request !5
2017-01-15 03:45:19 +00:00
Yukai Huang
c0e8306961 Merge branch 'frontend-next' into t216-refactor-common 2017-01-15 11:33:22 +08:00
bananaappletw
77994508e6 Update README.md for npm script 2017-01-14 15:27:24 +08:00
Yukai Huang
98c0cfc6a7 Update README 2017-01-14 15:24:31 +08:00
Yukai Huang
3d6b319216 Merge branch 'master' into frontend-next 2017-01-13 22:53:33 +08:00
Wu Cheng-Han
3cf40a8dec Update README.md to describe allowemailregister config more clear 2017-01-13 00:51:40 +08:00
Sheogorath
747629e549 Add allowemailregister option 2017-01-12 13:54:45 +01:00
neopostmodern
ff545b2688 Allow displaying LDAP provider name on sign-in modal 2017-01-09 12:49:23 +01:00
Max Wu
b13635aac9 Merge pull request #279 from alecdwm/ldap-auth
Support for LDAP server authentication
2017-01-09 00:49:40 +08:00
bananaappletw
78c51e5e88 Revert "Rename npm script"
This reverts commit ed83dfc862.
2017-01-04 14:30:47 +08:00
Wu Cheng-Han
f9d2f68959 Update README.md about migration tool of version 0.5.0 2017-01-02 11:15:20 +08:00
bananaappletw
96fb3743f3 Use dburl to configurate 2016-12-22 21:51:48 +08:00
Florian Rhiem
fdea226159 Fixed typo: anonmyous 2016-12-21 14:36:54 +01:00
Wu Cheng-Han
5bb3de2675 Add support of allow free url config option with correspond modifications 2016-12-16 15:38:05 +08:00
Wu Cheng-Han
5c7eb48319 Add support of allow anonymous config option with correspond modifications 2016-12-15 14:11:23 +08:00
alecdwm
6ba9a2f039 Added HMD_LDAP_TLS_CA env variable 2016-12-14 11:49:33 +01:00
alecdwm
02e9927714 Initial support for LDAP server authentication
Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
2016-12-13 22:41:07 +01:00
Max Wu
9769b0c872 Update README.md
to mention about build front-end bundle on upgrade guide
2016-12-11 23:24:04 +08:00
Yukai Huang
9e6fd505e1 Remove bower occurences 2016-12-11 11:18:08 +08:00
Yukai Huang
ed83dfc862 Rename npm script
webpack scripts are meant to “build” assets, so place them under the same namespace

* dev => build:dev
* build => build:prod
2016-12-10 22:12:07 +08:00
Wu Cheng-Han
a73d9ce39e Update to support optional email register and signin 2016-12-02 01:58:14 +08:00
Yukai Huang
aaf034bfbc Update README 2016-11-17 18:27:53 +08:00
Max Wu
58533aded3 Update README.md
browser requirement of chrome to 47 in order to avoid SRI not valid issue https://bugs.chromium.org/p/chromium/issues/detail?id=527286
2016-10-31 15:32:36 +08:00
Wu Cheng-Han
d37321e28d Change use cdn config option default to be true 2016-10-23 22:27:02 +08:00
Yukai Huang
9f63581c61 Config heroku deployment 2016-10-16 11:20:29 +08:00
Max Wu
432106b7c6 Update README.md
add charset requirement about DB, refer to issue #208
2016-10-16 00:53:33 +08:00
Wu Cheng-Han
7edd39846c Update README.md about front-end bundle process 2016-10-15 14:35:31 +08:00
Max Wu
422d9cd4ee Update README.md 2016-10-11 12:43:19 +08:00
Wu Cheng-Han
dfc8aeeba0 Add more environment variables for server configuration, update related section in README.md 2016-10-10 21:16:58 +08:00
Wu Cheng-Han
bf4c6d021c Extract config.js from common.js to make client setting file clean and also make upgrade easier 2016-10-10 16:25:51 +08:00
Yukai Huang
ec8fb1931b Update REAME setup script description 2016-10-05 14:17:32 +08:00
Yukai Huang
6f53d40d6a Update README get started section 2016-10-05 12:12:45 +08:00
Max Wu
f4d4eb1681 Update README.md 2016-10-04 18:05:30 +08:00
Yukai Huang
0ba06df7bc Fix README markdown 2016-10-04 16:41:26 +08:00
Laura Kyle
5951611840 Update README.md 2016-10-02 23:00:54 -04:00
Laura Kyle
715fdcf657 Update README.md 2016-10-02 22:33:30 -04:00
Max Wu
e3a31bc732 Update README.md
Add Third-party integration oauth callback urls
2016-07-05 23:16:02 +08:00